From 9b5218c341a6d6b37a12260f171e9007b9eb9908 Mon Sep 17 00:00:00 2001
From: Ian Jackson
Date: Fri, 12 Aug 2016 22:32:23 +0100
Subject: [PATCH] adnsresfilter: Fix addrtextbuf buffer size

We can write 18 bytes (including the trailing nul) to this. This is not actually a problem in real compiled code because: cbyte is generally the next thing; cbytes's alignment means that there are a further two bytes of padding; and we only write the next two bytes (']' and a nul) in a situation where we are done with cbyte anyway. But it should be fixed.

Reported-by: Ron Henderson
Signed-off-by: Ian Jackson
---
 changelog | 2 ++
 client/adnsresfilter.c | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/changelog b/changelog
index 3449f33..487c24e 100644
--- a/changelog
+++ b/changelog
@@ -12,6 +12,8 @@ adns (1.5.1~~) UPSTREAM; urgency=low
 when one of the address queries returns a permanent error (although, the application almost certainly won't use this pointer because the associated count is zero).
+ * adnsresfilter: Fix addrtextbuf buffer size. This is not actually a
+ problem in real compiled code but should be corrected.
 --
diff --git a/client/adnsresfilter.c b/client/adnsresfilter.c
index 770af17..3e5255c 100644
--- a/client/adnsresfilter.c
+++ b/client/adnsresfilter.c
@@ -67,7 +67,7 @@ static int peroutqueuenode, outqueuelen;
 static struct sockaddr_in sa;
 static adns_state ads;
-static char addrtextbuf[14];
+static char addrtextbuf[18]; /* [ddd.ddd.ddd.ddd] + nul */
 static int cbyte, inbyte, inbuf;
 static unsigned char bytes[4];
 static struct timeval printbefore;
--
2.30.2
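Review bot: The new bound on `addrtextbuf` is still a hand-counted literal, so the declaration and the code that fills the buffer can drift apart again, as they did with 14. Deriving the size from the longest possible text, `static char addrtextbuf[sizeof("[255.255.255.255]")];`, ties the 17 characters plus nul to the format itself and makes the explanatory comment redundant. The stores into the buffer are outside this hunk; if they index it by a running count (presumably `inbuf`, declared on the following line), an `assert(inbuf < (int)sizeof(addrtextbuf));` before each store would turn a future miscount into a clean failure rather than a silent write into the adjacent statics such as `cbyte`.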